4.0.0 org.springframework.boot spring-boot-starter-parent 3.4.4 org.owasp.webgoat webgoat 2025.4-SNAPSHOT jar WebGoat WebGoat, a deliberately insecure Web Application https://github.com/WebGoat/WebGoat 2006 OWASP https://github.com/WebGoat/WebGoat/ GNU General Public License, version 2 https://www.gnu.org/licenses/gpl-2.0.txt nbaars Nanne Baars nanne.baars@owasp.org https://github.com/nbaars Europe/Amsterdam zubcevic René Zubcevic rene.zubcevic@owasp.org aolle Àngel Ollé Blázquez angel@olleb.com scm:git:git@github.com:WebGoat/WebGoat.git scm:git:git@github.com:WebGoat/WebGoat.git HEAD https://github.com/WebGoat/WebGoat Github Issues https://github.com/WebGoat/WebGoat/issues 3.0.0 5.3.5 3.3.0 3.6.0 3.2.1 1.27.1 2.19.0 3.14.0 1.13.0 33.4.7-jre 0.8.11 23 2.3.1 0.9.1 0.9.3 3.7.1 1.19.1 3.14.0 3.5.2 3.1.2 3.1.1 3.1.0 3.5.3 full 23 23 3.15.0 UTF-8 UTF-8 3.1.2.RELEASE 60 6.0.1 /WebGoat 8080 false 0.59 /WebWolf 9090 3.12.1 1.2 1.4.5 1.9.0 org.apache.commons commons-exec 1.4.0 org.asciidoctor asciidoctorj ${asciidoctorj.version} org.jsoup jsoup ${jsoup.version} com.nulab-inc zxcvbn ${zxcvbn.version} com.thoughtworks.xstream xstream ${xstream.version} cglib cglib-nodep ${cglib.version} xml-resolver xml-resolver ${xml-resolver.version} io.jsonwebtoken jjwt ${jjwt.version} com.auth0 jwks-rsa 0.22.1 com.auth0 java-jwt 4.5.0 com.google.guava guava ${guava.version} commons-io commons-io ${commons-io.version} org.apache.commons commons-text ${commons-text.version} org.bitbucket.b_c jose4j ${jose4j.version} org.webjars bootstrap ${bootstrap.version} org.webjars jquery ${jquery.version} org.webjars webjars-locator-core ${webjars-locator-core.version} org.wiremock wiremock-standalone ${wiremock.version} io.github.bonigarcia webdrivermanager ${webdriver.version} org.apache.commons commons-compress ${commons-compress.version} org.jruby jruby 10.0.0.0 com.microsoft.playwright playwright 1.51.0 org.apache.commons commons-exec org.springframework.boot spring-boot-starter-validation org.projectlombok lombok 1.18.38 provided true javax.xml.bind jaxb-api ${jaxb.version} org.springframework.boot spring-boot-starter-web org.springframework.boot spring-boot-starter-actuator org.flywaydb flyway-core org.flywaydb flyway-database-hsqldb org.asciidoctor asciidoctorj org.springframework.boot spring-boot-starter-data-jpa org.springframework.boot spring-boot-starter-security org.springframework.boot spring-boot-starter-thymeleaf org.springframework.boot spring-boot-starter-oauth2-client org.thymeleaf.extras thymeleaf-extras-springsecurity6 jakarta.servlet jakarta.servlet-api org.hsqldb hsqldb org.jsoup jsoup com.nulab-inc zxcvbn com.thoughtworks.xstream xstream cglib cglib-nodep xml-resolver xml-resolver io.jsonwebtoken jjwt com.auth0 jwks-rsa com.auth0 java-jwt com.google.guava guava commons-io commons-io org.apache.commons commons-lang3 org.apache.commons commons-text org.bitbucket.b_c jose4j org.webjars bootstrap org.webjars jquery org.webjars webjars-locator-core jakarta.xml.bind jakarta.xml.bind-api com.sun.xml.bind jaxb-impl runtime com.github.terma javaniotcpproxy 1.6 test org.springframework.boot spring-boot-starter-test test org.springframework.security spring-security-test test org.wiremock wiremock-standalone io.rest-assured rest-assured test com.microsoft.playwright playwright test org.springframework.boot spring-boot-properties-migrator runtime false central https://repo.maven.apache.org/maven2 false central https://repo.maven.apache.org/maven2 org.springframework.boot spring-boot-maven-plugin true true org.owasp.webgoat.server.StartWebGoat org.asciidoctor asciidoctorj repackage org.codehaus.mojo build-helper-maven-plugin add-integration-test-source-as-test-sources add-test-source generate-test-sources src/it/java org.apache.maven.plugins maven-failsafe-plugin ${webgoat.sslenabled} 127.0.0.1 ${webgoat.port} ${webgoat.context} 127.0.0.1 ${webwolf.port} ${webwolf.context} ${basedir}/src/test/resources/logback-test.xml -Xmx512m org/owasp/webgoat/integration/*Test, org/owasp/webgoat/playwright/**/*Test integration-test integration-test verify verify org.apache.maven.plugins maven-surefire-plugin ${maven-surefire-plugin.version} 600 --enable-native-access=ALL-UNNAMED --add-opens java.base/sun.nio.ch=ALL-UNNAMED --add-opens java.base/java.io=ALL-UNNAMED --add-opens java.base/sun.nio.ch=ALL-UNNAMED --add-opens java.base/java.io=ALL-UNNAMED --add-opens java.base/java.util=ALL-UNNAMED --add-opens java.base/java.lang.reflect=ALL-UNNAMED --add-opens java.base/java.text=ALL-UNNAMED --add-opens java.desktop/java.awt.font=ALL-UNNAMED --add-opens=java.base/sun.nio.ch=ALL-UNNAMED --add-opens=java.base/java.io=ALL-UNNAMED **/*IntegrationTest.java **/*UITest.java org.apache.maven.plugins maven-checkstyle-plugin ${checkstyle.version} true true config/checkstyle/checkstyle.xml config/checkstyle/suppressions.xml checkstyle.suppressions.file com.diffplug.spotless spotless-maven-plugin 2.44.3 src/**/*.java ${project.basedir}/config/license-headers/java (package|import) .gitignore true 4 **/*.md src/main/java/**/*.java src/test/java/**/*.java src/it/java/**/*.java true UTF-8 ${line.separator} true false true 2 false false recommended_2008_06 true true true check org.apache.maven.plugins maven-enforcer-plugin 3.5.0 restrict-log4j-versions enforce validate org.apache.logging.log4j:log4j-core true org.apache.maven.plugins maven-compiler-plugin local-server start-server true org.codehaus.mojo build-helper-maven-plugin reserve-container-port reserve-network-port process-resources webgoat.port webwolf.port org.honton.chas process-exec-maven-plugin 0.9.2 start-jar start pre-integration-test ${project.build.directory} ${webgoat.sslenabled} 127.0.0.1 ${webgoat.port} ${webgoat.context} 127.0.0.1 ${webwolf.port} ${webwolf.context} java -jar -Dlogging.pattern.console= -Dwebgoat.server.directory=${java.io.tmpdir}/webgoat_${webgoat.port} -Dwebgoat.user.directory=${java.io.tmpdir}/webgoat_${webgoat.port} -Dspring.main.banner-mode=off --enable-native-access=ALL-UNNAMED --add-opens java.base/java.lang=ALL-UNNAMED --add-opens java.base/java.util=ALL-UNNAMED --add-opens java.base/java.lang.reflect=ALL-UNNAMED --add-opens java.desktop/java.beans=ALL-UNNAMED --add-opens java.base/sun.nio.ch=ALL-UNNAMED --add-opens java.base/java.io=ALL-UNNAMED --add-opens java.base/java.util=ALL-UNNAMED ${project.build.directory}/webgoat-${project.version}.jar false ${waittimeForServerStart} http://127.0.0.1:${webgoat.port}${webgoat.context}/login stop-jar-process stop-all post-integration-test owasp false org.owasp dependency-check-maven 7 false false ${maven.multiModuleProjectDirectory}/config/dependency-check/project-suppression.xml check coverage false org.apache.maven.plugins maven-surefire-plugin ${maven-surefire-plugin.version} --add-opens java.base/sun.nio.ch=ALL-UNNAMED --add-opens java.base/java.io=ALL-UNNAMED --add-opens java.base/sun.nio.ch=ALL-UNNAMED --add-opens java.base/java.io=ALL-UNNAMED --add-opens java.base/java.util=ALL-UNNAMED --add-opens java.base/java.lang.reflect=ALL-UNNAMED --add-opens java.base/java.text=ALL-UNNAMED --add-opens java.desktop/java.awt.font=ALL-UNNAMED ${surefire.jacoco.args} **/*IntegrationTest.java src/it/java org/owasp/webgoat/*Test org.jacoco jacoco-maven-plugin before-unit-test prepare-agent ${project.build.directory}/jacoco/jacoco-ut.exec surefire.jacoco.args check check BUNDLE CLASS COVEREDCOUNT 0.6 ${project.build.directory}/jacoco/jacoco-ut.exec after-unit-test report test ${project.build.directory}/jacoco/jacoco-ut.exec ${project.reporting.outputDirectory}/jacoco-unit-test-coverage-report